
Sheriff CSM™

NBS System Naxsi

When you configure NBS System Naxsi to send log data to Sheriff CSM, you can use the NBS System Naxsi plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information

| Device | Details |
| --- | --- |
| Vendor | NBS System |
| Device Type | Firewall |
| Connection Type | Syslog |
| Data Source Name | Naxsi |
| Data Source ID | 1893 |

Integrating NBS System Naxsi

NBS System Naxsi is a service installed on systems running a Linux-based OS. To send logs collected from Linux built-in services, add an rsyslog configuration file that reads from a specified file and forwards the logs to Sheriff CSM. Before you configure the NBS System Naxsi integration, you must have the IP address of the Sheriff CSM Sensor (Deputy).

To configure NBS System Naxsi to send Syslog messages to Sheriff CSM:
  1. Create a new rsyslog configuration file with the following entries:

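    # Load the file-input module
    $ModLoad imfile
    # Monitor the nginx error log and tag each line it yields as "naxsi"
    $InputFileName /var/log/nginx/error.log
    $InputFileTag naxsi
    $InputFileStateFile naxsi-events
    $InputFileSeverity error
    $InputFileFacility local7
    $InputRunFileMonitor

    # Forward all messages over UDP (single @) to the Sheriff CSM Sensor, port 514
    *.* @<Sheriff CSM>:514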

  2. Save the rsyslog configuration file and restart rsyslog.
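The monitored file is the general nginx error log, so it holds ordinary nginx errors alongside Naxsi events. The following is an added example, not Sheriff CSM plugin code: it separates the two and extracts the fields from Naxsi's `NAXSI_FMT` lines, which is a quick way to confirm the file carries Naxsi events before you rely on the forwarding. The sample log lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample of /var/log/nginx/error.log (documentation-range addresses).
SAMPLE_LOG = """\
2020/03/01 10:15:02 [error] 1201#0: *17 NAXSI_FMT: ip=203.0.113.7&server=www.example.test&uri=/search&learning=0&vers=0.56&total_processed=40&total_blocked=3&block=1&cscore0=$SQL&score0=8&cscore1=$XSS&score1=8&zone0=ARGS&id0=1001&var_name0=q, client: 203.0.113.7, server: www.example.test, request: "GET /search?q=%22 HTTP/1.1", host: "www.example.test"
2020/03/01 10:15:09 [error] 1201#0: *18 open() "/var/www/html/favicon.ico" failed (2: No such file or directory), client: 203.0.113.9, server: www.example.test
2020/03/01 10:16:44 [error] 1201#0: *21 NAXSI_FMT: ip=203.0.113.7&server=www.example.test&uri=/login&learning=1&vers=0.56&total_processed=41&total_blocked=3&block=0&cscore0=$XSS&score0=16&zone0=BODY&id0=1302&var_name0=user&zone1=BODY&id1=1303&var_name1=user, client: 203.0.113.7, server: www.example.test, request: "POST /login HTTP/1.1", host: "www.example.test"
"""

# nginx error prefix, then the Naxsi payload up to nginx's own ", client: " suffix.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[\w+\] .*?NAXSI_FMT: (?P<kv>.*?)(?:, client: |$)"
)

def parse_naxsi_line(line):
    """Return a normalized event dict for a NAXSI_FMT line, else None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    # Split by hand so percent-encoded values stay exactly as logged.
    kv = dict(p.split("=", 1) for p in m.group("kv").split("&") if "=" in p)
    scores, matches, n = {}, [], 0
    while f"cscore{n}" in kv:          # per-category scores: cscore0/score0, ...
        scores[kv[f"cscore{n}"]] = int(kv.get(f"score{n}", 0))
        n += 1
    n = 0
    while f"id{n}" in kv:              # matched rules: zone0/id0/var_name0, ...
        matches.append({"zone": kv.get(f"zone{n}", ""), "id": int(kv[f"id{n}"]),
                        "var_name": kv.get(f"var_name{n}", "")})
        n += 1
    return {"timestamp": m.group("ts"), "src_ip": kv.get("ip"), "server": kv.get("server"),
            "uri": kv.get("uri"), "learning": kv.get("learning") == "1",
            "blocked": kv.get("block") == "1", "scores": scores, "matches": matches}

def parse_log(text):
    """Return (naxsi_events, count_of_other_lines) for the monitored file's contents."""
    events, other = [], 0
    for line in text.splitlines():
        event = parse_naxsi_line(line)
        if event:
            events.append(event)
        elif line.strip():
            other += 1
    return events, other

if __name__ == "__main__":
    events, other = parse_log(SAMPLE_LOG)
    for e in events:
        print(e["timestamp"], e["src_ip"], e["uri"], "blocked" if e["blocked"] else "logged", e["scores"])
    print(f"{other} non-Naxsi nginx error line(s) are forwarded under the same tag")
```
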

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://github.com/nbs-system/naxsi/wiki

For troubleshooting, refer to the vendor documentation:

http://www.rsyslog.com/doc/v8-stable/configuration/modules/imfile.html

Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.